Carterzudo

Need Help for Gerosan Files Encrypted

Recommended Posts

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

@Mohamad Ajmal

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017.
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected.

Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.

Download STOP Decrypter >>>

If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

 

Share this post


Link to post
Share on other sites

Could you please help me 

 

i'm trying to follow the instruction but no clue 

already scanned all files with Kaspersky internet security and spyhunter 

 

when i try stopdecrypter it shows no Key 

 

kindly find attached 2 files as suggested 

please help me asap all my work and company paper will lost 

Addition.txt FRST.txt

Share this post


Link to post
Share on other sites

@mdaher

Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program.

Uninstall McAfee Security Scan. This is a quick scan tool and it will not protect your PC from threats.

Share this post


Link to post
Share on other sites
3 minutes ago, Amigo-A said:

@mdaher

Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program.

Uninstall McAfee Security Scan. This is a quick scan tool and it will not protect your PC from threats.

Thanks for your reply .. but what shall i do ????

Share this post


Link to post
Share on other sites
25 minutes ago, Amigo-A said:

Also attach this files: 

STOPDecrypter-log.txt
_readme.txt

Dear Sir please help me all my work and files are encrypted 

 

i'm trying to follow you instruction 

1- downloaded FRST and scanned and the 2 files attached 

2- i'm scanning the files with Kasperysky Internet security and it's deleting all malware 

3- spyhunter didn't detect any malware 

 

4 stopdecrypter no key message 

 

please help me with instruction to decrypt and get back all my files 

 

Addition.txt FRST.txt STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites

Need still  file _readme.txt

He is in your  C:\_readme.txt

 

Tomorrow the @GT500 will transfer your information to the STOPDecrypter developer. Perhaps this will help.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.